In July 2020 we received notification from Blackbaud, the vendor for our donor management software stating the following:
In May of 2020, the company discovered and stopped a ransomware attack. After discovering the attempted attack, the Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system.
Prior to locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from self-hosted environment. The cybercriminal did not access credit card information, bank account information, or social security numbers. Because protecting customers’ data was top priority, Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.
KSC does not store social security numbers or credit card numbers within this system nor is it used to process any financial transactions. For detailed information about the security incident, please click here.